GitLab服务构成
GitLab由以下服务构成:
nginx:静态Web服务器
gitlab-shell:用于处理Git命令和修改authorized keys列表
gitlab-workhorse:轻量级的反向代理服务器
logrotate:日志文件管理工具
postgresql:数据库
redis:缓存数据库
sidekiq:用于在后台执行队列任务(异步执行)
unicorn:An HTTP server for Rack applications,GitLab Rails应用是托管在这个服务器上面的。
Gitlab Shell
GitLab Shell有两个作用:为GitLab处理Git命令、修改authorized keys列表。
当通过SSH访问GitLab Server时,GitLab Shell会:
限制执行预定义好的Git命令(git push, git pull, git annex)
调用GitLab Rails API 检查权限
执行pre-receive钩子(在GitLab企业版中叫做Git钩子)
执行你请求的动作
处理GitLab的post-receive动作
处理自定义的post-receive动作
当通过http(s)访问GitLab Server时,工作流程取决于你是从Git仓库拉取(pull)代码还是向git仓库推送(push)代码。如果你是从Git仓库拉取(pull)代码,GitLab Rails应用会全权负责处理用户鉴权和执行Git命令的工作;如果你是向Git仓库推送(push)代码,GitLab Rails应用既不会进行用户鉴权也不会执行Git命令,它会把以下工作交由GitLab Shell进行处理:
调用GitLab Rails API 检查权限
执行pre-receive钩子(在GitLab企业版中叫做Git钩子)
执行你请求的动作
处理GitLab的post-receive动作
处理自定义的post-receive动作
也许你会奇怪在通过http(s)推送(push)代码的情况下,GitLab Rails应用为什么不在GitLab Shell之前进行鉴权。这是因为GitLab Rails应用没有解析git push命令的逻辑。好的方法是将这些解析代码放在一个地方,这个地方就是GitLab Shell,这样我们就可以在通过SSH进行访问时重用这段代码。实际上,GitLabShell在执行git push命令时根本不会进行权限检查,它是依赖于pre-receive钩子进行权限检查的。而当你执行git pull命令时,权限检查是在命令执行之前的。对git pull命令的权限检查要简单得多,因为你只需要检查一个用户是否可以访问这个仓库就可以了(不需要检查分支权限)。
好吧,GitLab Shell这段话都是翻译官网的。链接在这里
最后一段话有点拗口,我对此还是有一点问题的:既然你把git push的逻辑都放在GitLab Shell里面了,为什么不把git pull的逻辑也都放在里面提供重用呢?
猜想:git pull这段逻辑无法重用,因为通过http(s)方式访问时,要读取仓库的数据并且把这些数据封装成http包返回给客户端;而通过ssh方式访问时,仓库代码数据是通过ssh数据包返回的。两种访问方式返回数据的封装方式不一样,所以也没有必要提供重用。但是我觉得读取仓库数据这段逻辑应该还是重用了的。
GitLab Workhorse
GitLab Workhorse是一个敏捷的反向代理。它会处理一些大的HTTP请求,比如文件上传、文件下载、Git push/pull和Git包下载。其它请求会反向代理到GitLab Rails应用,即反向代理给后端的unicorn。官网对GitLab Workhorse的介绍在这里:https://gitlab.com/gitlab-org/gitlab-workhorse/
六、GitLab工作流程
GitLab工作流程图
Gitlab Shell
GitLab Shell有两个作用:为GitLab处理Git命令、修改authorized keys列表。
当通过SSH访问GitLab Server时,GitLab Shell会:
- 限制执行预定义好的Git命令(git push, git pull, git annex)
- 调用GitLab Rails API 检查权限
- 执行pre-receive钩子(在GitLab企业版中叫做Git钩子)
- 执行你请求的动作
- 处理GitLab的post-receive动作
- 处理自定义的post-receive动作
当通过http(s)访问GitLab Server时,工作流程取决于你是从Git仓库拉取(pull)代码还是向git仓库推送(push)代码。如果你是从Git仓库拉取(pull)代码,GitLab Rails应用会全权负责处理用户鉴权和执行Git命令的工作;如果你是向Git仓库推送(push)代码,GitLab Rails应用既不会进行用户鉴权也不会执行Git命令,它会把以下工作交由GitLab Shell进行处理:
- 调用GitLab Rails API 检查权限
- 执行pre-receive钩子(在GitLab企业版中叫做Git钩子)
- 执行你请求的动作
- 处理GitLab的post-receive动作
- 处理自定义的post-receive动作
也许你会奇怪在通过http(s)推送(push)代码的情况下,GitLab Rails应用为什么不在GitLab Shell之前进行鉴权。这是因为GitLab Rails应用没有解析git push命令的逻辑。好的方法是将这些解析代码放在一个地方,这个地方就是GitLab Shell,这样我们就可以在通过SSH进行访问时重用这段代码。实际上,GitLabShell在执行git push命令时根本不会进行权限检查,它是依赖于pre-receive钩子进行权限检查的。而当你执行git pull命令时,权限检查是在命令执行之前的。对git pull命令的权限检查要简单得多,因为你只需要检查一个用户是否可以访问这个仓库就可以了(不需要检查分支权限)。
好吧,GitLab Shell这段话都是翻译官网的。链接在这里
最后一段话有点拗口,我对此还是有一点问题的:既然你把git push的逻辑都放在GitLab Shell里面了,为什么不把git pull的逻辑也都放在里面提供重用呢?
猜想:git pull这段逻辑无法重用,因为通过http(s)方式访问时,要读取仓库的数据并且把这些数据封装成http包返回给客户端;而通过ssh方式访问时,仓库代码数据是通过ssh数据包返回的。两种访问方式返回数据的封装方式不一样,所以也没有必要提供重用。但是我觉得读取仓库数据这段逻辑应该还是重用了的。
GitLab Workhorse
GitLab Workhorse是一个敏捷的反向代理。它会处理一些大的HTTP请求,比如文件上传、文件下载、Git push/pull和Git包下载。其它请求会反向代理到GitLab Rails应用,即反向代理给后端的unicorn。官网对GitLab Workhorse的介绍在这里:https://gitlab.com/gitlab-org/gitlab-workhorse/
六、GitLab工作流程
#http://www.fanzicai.com/blog_hexo/Program/20160520-CentOS7%E4%B8%8A%E5%AE%89%E8%A3%85GitLab%EF%BC%88SRC%EF%BC%89.html
#1.安装软件包及解决依赖项,升级系统
yum -y update
#2.安装必须的软件
yum -y install gcc autoconf cmake unzip vim libcurl-devel zlib-devel curl-devel expat-devel gettext-devel openssl-devel perl-devel nodejs libicu-devel wget curl
#安装git
wget https://www.kernel.org/pub/software/scm/git/git-2.9.0.tar.gz [root@t1 ~]# tar xf git-2.9.0.tar.gz [root@t1 ~]# cd git-2.9.0 [root@t1 git-2.9.0]# ./configure [root@t1 git-2.9.0]# make prefix=/usr/local all # 安装到/usr/local/bin [root@t1 git-2.9.0]# make prefix=/usr/local install [root@t1 git-2.9.0]# source /etc/profile # 验证git版本号 [root@t1 git-2.9.0]# git --version #查看git安装路径 [root@t1 git-2.9.0]# which git
# 编辑 config/gitlab.yml (第7步中gitlab), 修改 git 路径为 /usr/local/bin/git !!!
#2.添加系统用户
#我们添加一个用来管理运行Gitlab的用户git
[root@t1 ~]# useradd -c 'Gitlab' -s /bin/bash git
#为了包含/usr/local/bin到git用户的$PATH,一个方法是编辑超级用户文件。以管理员身份运行:
$ visudo #然后搜索: Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin #将其改成: Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
#3.安装postfix
yum -y install postfix
#4. Ruby
#Note: The current supported Ruby version is 2.1.x. Ruby 2.2 and 2.3 are currently not supported. [root@t1 ~]# yum -y remove ruby* [root@t1 ~]# curl -O --progress https://cache.ruby-lang.org/pub/ruby/2.1/ruby-2.1.8.tar.gz [root@t1 ~]# tar xf ruby-2.1.8.tar.gz [root@t1 ~]# cd ruby-2.1.8 [root@t1 ~]# ./configure --disable-install-rdoc [root@t1 ~]# make [root@t1 ~]# make install #Install the Bundler Gem: [root@t1 ~]# sudo gem install bundler --no-ri --no-rdoc
#5. Go
#Since GitLab 8.0, Git HTTP requests are handled by gitlab-workhorse (formerly gitlab-git-http-server). This is a small daemon written in Go. To install gitlab-workhorse we need a Go compiler. The instructions below assume you use 64-bit Linux. You can find downloads for other platforms at the Go download page. [root@t1 ~]# curl -O --progress https://storage.googleapis.com/golang/go1.5.3.linux-amd64.tar.gz [root@t1 ~]# tar -C /usr/local -xzf go1.5.3.linux-amd64.tar.gz [root@t1 ~]# ln -sf /usr/local/go/bin/{go,godoc,gofmt} /usr/local/bin/ [root@t1 ~]# rm go1.5.3.linux-amd64.tar.gz
修改数据库
#创建数据库,用户,添加权限 MariaDB [(none)]> CREATE USER 'git'@'localhost' IDENTIFIED BY 'gitlab'; mysql> SET storage_engine=INNODB; mysql> CREATE DATABASE IF NOT EXISTS `gitlabhq_production` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`; mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, CREATE TEMPORARY TABLES, DROP, INDEX, ALTER, LOCK TABLES, REFERENCES ON `gitlabhq_production`.* TO 'git'@'localhost';
#安装Redis
yum install redis -y cp /etc/redis.conf /etc/redis.conf.orig #sed 's/^port .*/port 0/' /etc/redis.conf.orig |tee /etc/redis.conf #不需要执行 echo 'unixsocket /var/run/redis/redis.sock' | sudo tee -a /etc/redis.conf echo 'unixsocketperm 770' | sudo tee -a /etc/redis.conf mkdir /var/run/redis chown redis:redis /var/run/redis chmod 755 /var/run/redis # Persist the directory which contains the socket, if applicable if [ -d /etc/tmpfiles.d ]; then echo 'd /var/run/redis 0755 redis redis 10d -' | sudo tee -a /etc/tmpfiles.d/redis.conf fi systemctl start redis chkconfig redis on usermod -aG redis git
#7. GitLab
# We'll install GitLab into home directory of the user "git" cd /home/git #Clone the Source # Clone GitLab repository sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-ce.git -b 8-9-stable gitlab #注意gitlab的版本 #Configure It # Go to GitLab installation folder cd /home/git/gitlab # Copy the example GitLab config sudo -u git -H cp config/gitlab.yml.example config/gitlab.yml # Update GitLab config file, follow the directions at top of file sudo -u git -H vim config/gitlab.yml gitlab: ## Web server settings (note: host is the FQDN, do not include http://) host: gitlabtest.ptmind.com port: 443 # Set to 443 if using HTTPS, see installation.md#using-https for additional HTTPS configuration details https: true # Set to true if using HTTPS, see installation.md#using-https for additional HTTPS configuration details bin_path: /usr/local/bin/git # Copy the example secrets file #注意:如果将备份文件在异地恢复,需要将老版的secrets.yml拷贝到新版的对应目录下 sudo -u git -H cp config/secrets.yml.example config/secrets.yml sudo -u git -H chmod 0600 config/secrets.yml # Make sure GitLab can write to the log/ and tmp/ directories sudo chown -R git log/ sudo chown -R git tmp/ sudo chmod -R u+rwX,go-w log/ sudo chmod -R u+rwX tmp/ # Make sure GitLab can write to the tmp/pids/ and tmp/sockets/ directories sudo chmod -R u+rwX tmp/pids/ sudo chmod -R u+rwX tmp/sockets/ # Create the public/uploads/ directory sudo -u git -H mkdir public/uploads/ # Make sure only the GitLab user has access to the public/uploads/ directory # now that files in public/uploads are served by gitlab-workhorse sudo chmod 0700 public/uploads # Change the permissions of the directory where CI build traces are stored sudo chmod -R u+rwX builds/ # Change the permissions of the directory where CI artifacts are stored sudo chmod -R u+rwX shared/artifacts/ # Copy the example Unicorn config sudo -u git -H cp config/unicorn.rb.example config/unicorn.rb # Find number of cores nproc # Enable cluster mode if you expect to have a high load instance # Set the number of workers to at least the number of cores # Ex. change amount of workers to 3 for 2GB RAM server sudo -u git -H vim config/unicorn.rb worker_processes 10 listen "127.0.0.1:8030", :tcp_nopush => true # Copy the example Rack attack config sudo -u git -H cp config/initializers/rack_attack.rb.example config/initializers/rack_attack.rb # Configure Git global settings for git user # 'autocrlf' is needed for the web editor sudo -u git -H git config --global core.autocrlf input # Disable 'git gc --auto' because GitLab already runs 'git gc' when needed sudo -u git -H git config --global gc.auto 0 # Configure Redis connection settings sudo -u git -H cp config/resque.yml.example config/resque.yml # Change the Redis socket path if you are not using the default Debian / Ubuntu configuration # 修改Redis访问路径 sudo -u git -H vim config/resque.yml #Important Note: Make sure to edit both gitlab.yml and unicorn.rb to match your setup. #Note: If you want to use HTTPS, see Using HTTPS for the additional steps. ##Configure GitLab DB Settings # MySQL only: sudo -u git cp config/database.yml.mysql config/database.yml # Change 'secure password' with the value you have given to $password # You can keep the double quotes around the password sudo -u git -H vim config/database.yml # MySQL: # Make config/database.yml readable to git only sudo -u git -H chmod o-rwx config/database.yml
安装 Gems
cd /home/git/gitlab # For users from China mainland only # 仅限中国大陆用户 # vim /home/git/gitlab/Gemfile # source "https://ruby.taobao.org" // 原始 source "https://rubygems.org/" # For MySQL (note, the option says "without ... postgres") #修改ruby路径 vim /usr/local/bin/bundle #!/usr/local/bin/ruby # Or if you use MySQL (note, the option says "without ... postgres") sudo -u git -H bundle install -j5 --deployment --without development test postgres aws 报错: Installing org-ruby 0.9.12 Gem::Ext::BuildError: ERROR: Failed to build gem native extension. /usr/local/bin/ruby extconf.rb checking for ruby/thread.h... yes checking for rb_thread_call_without_gvl() in ruby/thread.h... yes checking for rb_thread_blocking_region()... yes checking for rb_wait_for_single_fd()... yes checking for rb_hash_dup()... yes checking for rb_intern3()... yes checking for mysql_query() in -lmysqlclient... no ----- libmysqlclient is missing. Trying again with extra runtime libraries... ----- 解决: yum -y install mysql-devel Install GitLab Shell #GitLab Shell is an SSH access and repository management software developed specially for GitLab. # Run the installation task for gitlab-shell (replace `REDIS_URL` if needed): #如果redis在本地,可使用如下方式 sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=unix:/var/run/redis/redis.sock RAILS_ENV=production #如果redis在其他服务器,可使用如下方式: sudo -u git -H bundle exec rake gitlab:shell:install REDIS_URL=redis://172.16.5.101:6379 RAILS_ENV=production # By default, the gitlab-shell config is generated from your main GitLab config. # You can review (and modify) the gitlab-shell config as follows: sudo -u git -H vim /home/git/gitlab-shell/config.yml --- user: git gitlab_url: http://127.0.0.1:8030/ ######注意修改端口,修改主机名,并在hosts中添加解析!!!! http_settings: self_signed_cert: false repos_path: "/home/git/repositories/" auth_file: "/home/git/.ssh/authorized_keys" redis: bin: "/bin/redis-cli" namespace: resque:gitlab socket: "/var/run/redis/redis.sock" log_level: INFO audit_usernames: false
Install gitlab-workhorse
cd /home/git sudo -u git -H git clone https://gitlab.com/gitlab-org/gitlab-workhorse.git cd gitlab-workhorse sudo -u git -H git checkout v0.7.5 sudo -u git -H make 配置repositories 因为修改了repositories路径,因此使用下面的/data/repositories/ sudo chmod -R ug+rwX,o-rwx /home/git/repositories/ sudo chmod -R ug-s /home/git/repositories/ sudo find /home/git/repositories/ -type d -print0 | sudo xargs -0 chmod g+s sudo chmod -R ug+rwX,o-rwx /data/git/repositories/ sudo chmod -R ug-s /data/git/repositories/ sudo find /data/git/repositories/ -type d -print0 | sudo xargs -0 chmod g+s Initialize Database and Activate Advanced Features # Go to GitLab installation folder cd /home/git/gitlab #sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production sudo -u git -H bundle exec rake gitlab:setup RAILS_ENV=production GITLAB_ROOT_PASSWORD=yourpassword GITLAB_ROOT_EMAIL=youremail # Type 'yes' to create the database tables. # When done you see 'Administrator account created:' #Secure secrets.yml # The secrets.yml file stores encryption keys for sessions and secure variables. Backup secrets.yml someplace safe, but don't store it in the same place as your database backups. Otherwise your secrets are exposed if one of your backups is compromised. ls /home/git/gitlab/config/secrets.yml # Install Init Script # Download the init script (will be /etc/init.d/gitlab): sudo cp lib/support/init.d/gitlab /etc/init.d/gitlab # 修改workhorse访问gitlab-shell端口 vim /etc/init.d/gitlab gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8030 -authSocket $rails_socket -documentRoot $app_root/public" #And if you are installing with a non-default folder or user copy and edit the defaults file: sudo cp lib/support/init.d/gitlab.default.example /etc/default/gitlab # 修改workhorse访问gitlab-shell端口 vim /etc/default/gitlab gitlab_workhorse_options="-listenUmask 0 -listenNetwork unix -listenAddr $socket_path/gitlab-workhorse.socket -authBackend http://127.0.0.1:8030 -authSocket $rails_socket -documentRoot $app_root/public"
#If you installed GitLab in another directory or as a user other than the default you should change these settings in /etc/default/gitlab. Do not edit /etc/init.d/gitlab as it will be changed on upgrade.
#Make GitLab start on boot:
chkconfig gitlab on
#Setup Logrotate
sudo cp lib/support/logrotate/gitlab /etc/logrotate.d/gitlab
#Check Application Status
#Check if GitLab and its environment are configured correctly:
sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production
Compile Assets 编译静态文件
sudo -u git -H bundle exec rake assets:precompile RAILS_ENV=production
# Start Your GitLab Instance
sudo service gitlab start
Nginx配置
yum -y install nginx sudo cp lib/support/nginx/gitlab /etc/nginx/conf.d/gitlab.conf vim /etc/nginx/conf.d/gitlab.conf ## GitLab ## See installation.md#using-https for additional HTTPS configuration details. upstream gitlab-workhorse { server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0; } ## Normal HTTP host server { ## Either remove "default_server" from the listen line below, ## or delete the /etc/nginx/sites-enabled/default file. This will cause gitlab ## to be served if you visit any address that your server responds to, eg. ## the ip address of the server (http://x.x.x.x/)n 0.0.0.0:80 default_server; # listen 0.0.0.0:80 default_server; # listen [::]:80 default_server; listen 80; server_name gitlabtest.ptmind.com; ## Replace this with something like gitlab.example.com server_tokens off; ## Don't show the nginx version number, a security best practice ## See app/controllers/application_controller.rb for headers set ## Individual nginx logs for this GitLab vhost access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; location / { client_max_body_size 0; gzip off; ## https://github.com/gitlabhq/gitlabhq/issues/694 ## Some requests take more than 30 seconds. proxy_read_timeout 300; proxy_connect_timeout 300; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://gitlab-workhorse; } error_page 404 /404.html; error_page 422 /422.html; error_page 500 /500.html; error_page 502 /502.html; error_page 503 /503.html; location ~ ^/(404|422|500|502|503).html$ { root /home/git/gitlab/public; internal; } } ################Nginx ssl 配置文件#################### upstream gitlab-workhorse { server unix:/home/git/gitlab/tmp/sockets/gitlab-workhorse.socket fail_timeout=0; } server { listen 0.0.0.0:80; server_name gitlab.ptengine.jp; ## Replace this with something like gitlab.example.com server_tokens off; ## Don't show the nginx version number, a security best practice return 301 https://$http_host$request_uri; access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; } server { listen 0.0.0.0:443 ssl; server_name gitlab.ptengine.jp; ## Replace this with something like gitlab.example.com server_tokens off; ## Don't show the nginx version number, a security best practice ssl on; ssl_certificate /usr/local/nginx/ssl/www.ptengine.jp.pem; ssl_certificate_key /usr/local/nginx/ssl/www.ptengine.jp.key; ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; location / { client_max_body_size 0; gzip off; proxy_read_timeout 300; proxy_connect_timeout 300; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://gitlab-workhorse; } error_page 404 /404.html; error_page 422 /422.html; error_page 500 /500.html; error_page 502 /502.html; error_page 503 /503.html; location ~ ^/(404|422|500|502|503).html$ { root /home/git/gitlab/public; internal; } } ##############################################################
# 修改/home/git权限
chmod 755 /home/git
# 检查安装
cd /home/git/gitlab sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production
# 备份:
##修改默认的备份目录 vim /home/git/gitlab/config/gitlab.yml backup: path: "/data/git/gitlab-backup/" mkdir -p /data/git/gitlab-backup/ chown -R git.git /data/git/gitlab-backup/ #重启 gitlab service gitlab restart #执行备份 sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
# 遇到的问题,执行备份失败,原因是读取config/database.yml文件中的password有问题,需要修改/home/git/gitlab/lib/backup/database.rb
[root@nexus-5-101 gitlab]# sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production Dumping database ... Dumping MySQL database gitlabhq_production ... mysqldump: Got error: 1045: "Access denied for user 'git'@'172.16.3.65' (using password: YES)" when trying to connect [FAILED] Backup failed vim /home/git/gitlab/lib/backup/database.rb #第23行,将关于mysql的ENV['MYSQL_PWD']注销 #第75行,mysql_args下面添加'password' => '--password', ######################################################################### vim /home/git/gitlab/lib/backup/database.rb require 'yaml' module Backup class Database attr_reader :config, :db_file_name def initialize @config = YAML.load_file(File.join(Rails.root,'config','database.yml'))[Rails.env] @db_file_name = File.join(Gitlab.config.backup.path, 'db', 'database.sql.gz') end def dump FileUtils.mkdir_p(File.dirname(db_file_name)) FileUtils.rm_f(db_file_name) compress_rd, compress_wr = IO.pipe compress_pid = spawn(*%W(gzip -1 -c), in: compress_rd, out: [db_file_name, 'w', 0600]) compress_rd.close dump_pid = case config["adapter"] when /^mysql/ then $progress.print "Dumping MySQL database #{config['database']} ... " # Workaround warnings from MySQL 5.6 about passwords on cmd line # ENV['MYSQL_PWD'] = config["password"].to_s if config["password"] spawn('mysqldump', *mysql_args, config['database'], out: compress_wr) when "postgresql" then $progress.print "Dumping PostgreSQL database #{config['database']} ... " pg_env pgsql_args = ["--clean"] # Pass '--clean' to include 'DROP TABLE' statements in the DB dump. if Gitlab.config.backup.pg_schema pgsql_args << "-n" pgsql_args << Gitlab.config.backup.pg_schema end spawn('pg_dump', *pgsql_args, config['database'], out: compress_wr) end compress_wr.close success = [compress_pid, dump_pid].all? { |pid| Process.waitpid(pid); $?.success? } report_success(success) abort 'Backup failed' unless success end def restore decompress_rd, decompress_wr = IO.pipe decompress_pid = spawn(*%W(gzip -cd), out: decompress_wr, in: db_file_name) decompress_wr.close restore_pid = case config["adapter"] when /^mysql/ then $progress.print "Restoring MySQL database #{config['database']} ... " # Workaround warnings from MySQL 5.6 about passwords on cmd line ENV['MYSQL_PWD'] = config["password"].to_s if config["password"] spawn('mysql', *mysql_args, config['database'], in: decompress_rd) when "postgresql" then $progress.print "Restoring PostgreSQL database #{config['database']} ... " pg_env spawn('psql', config['database'], in: decompress_rd) end decompress_rd.close success = [decompress_pid, restore_pid].all? { |pid| Process.waitpid(pid); $?.success? } report_success(success) abort 'Restore failed' unless success end protected def mysql_args args = { 'host' => '--host', 'port' => '--port', 'socket' => '--socket', 'username' => '--user', 'password' => '--password', 'encoding' => '--default-character-set' } args.map { |opt, arg| "#{arg}=#{config[opt]}" if config[opt] }.compact end def pg_env ENV['PGUSER'] = config["username"] if config["username"] ENV['PGHOST'] = config["host"] if config["host"] ENV['PGPORT'] = config["port"].to_s if config["port"] ENV['PGPASSWORD'] = config["password"].to_s if config["password"] end def report_success(success) if success $progress.puts '[DONE]'.color(:green) else $progress.puts '[FAILED]'.color(:red) end end end end #########################################################################
#再次执行备份:
sudo -u git -H bundle exec rake gitlab:backup:create RAILS_ENV=production
#恢复
恢复时要确保两边的gitlab版本是一样的
# Stop processes that are connected to the database sudo service gitlab stop sudo -u git -H bundle exec rake gitlab:backup:restore RAILS_ENV=production BACKUP=1474170453 # Options: BACKUP=timestamp_of_backup (required if more than one backup exists) force=yes (do not ask if the authorized_keys file should get regenerated)